The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Max CVSS
5.0
EPSS Score
2.22%
Published
2014-12-16
Updated
2021-03-05
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Max CVSS
7.5
EPSS Score
5.65%
Published
2014-12-09
Updated
2016-12-22
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-12-08
Updated
2018-10-30
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
Max CVSS
7.5
EPSS Score
5.22%
Published
2014-12-03
Updated
2017-09-08
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Max CVSS
5.0
EPSS Score
1.54%
Published
2014-12-02
Updated
2018-10-30
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Max CVSS
5.0
EPSS Score
2.39%
Published
2014-12-02
Updated
2017-09-08
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
Max CVSS
7.5
EPSS Score
6.25%
Published
2014-11-26
Updated
2016-12-03
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Max CVSS
7.5
EPSS Score
1.28%
Published
2014-11-28
Updated
2017-01-03
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
Max CVSS
7.5
EPSS Score
1.66%
Published
2014-12-01
Updated
2023-05-18
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.12%
Published
2014-12-16
Updated
2015-11-17
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
Max CVSS
4.3
EPSS Score
0.69%
Published
2014-11-25
Updated
2016-06-30
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Max CVSS
6.8
EPSS Score
0.72%
Published
2014-11-25
Updated
2016-06-30
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Max CVSS
4.3
EPSS Score
0.58%
Published
2014-11-25
Updated
2016-04-04
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.58%
Published
2014-11-25
Updated
2016-04-04
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
Max CVSS
7.1
EPSS Score
0.29%
Published
2014-11-24
Updated
2018-10-30

CVE-2014-9016

Public exploit
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
Max CVSS
5.0
EPSS Score
3.97%
Published
2014-11-24
Updated
2021-04-20
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Max CVSS
6.8
EPSS Score
0.69%
Published
2014-11-24
Updated
2018-12-20
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
Max CVSS
7.5
EPSS Score
0.45%
Published
2014-12-05
Updated
2017-07-01
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.06%
Published
2014-12-01
Updated
2018-10-30
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
Max CVSS
4.7
EPSS Score
0.06%
Published
2014-12-01
Updated
2018-10-30
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Max CVSS
4.3
EPSS Score
65.15%
Published
2014-12-11
Updated
2016-11-28
PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
Max CVSS
5.0
EPSS Score
12.29%
Published
2014-12-10
Updated
2016-09-06
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
Max CVSS
1.9
EPSS Score
0.06%
Published
2014-11-19
Updated
2018-10-30
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
Max CVSS
5.4
EPSS Score
0.67%
Published
2014-11-19
Updated
2018-10-30
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
Max CVSS
7.5
EPSS Score
0.95%
Published
2014-11-05
Updated
2019-03-05
244 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!